KorAP / Kustvakt

:speedboat: User and policy management component for KorAP, capable of rewriting queries for policy based document restrictions.
BSD 2-Clause "Simplified" License

Support OAuth2 authorization via PIN #48

Open margaretha opened 5 years ago

margaretha commented 5 years ago

Kustvakt should support OAuth2 authorization via PIN (or other kind of code) activation, for instance to facilitate login in "IDS Wortraumstation" using virtual reality (VR) tools. The authorization process involves two KorAP front-end instances, e.g. VR app and Kalamar for the browser. The general flow is:

  1. VR app shows PIN and sends a poll request with username & PIN to Kustvakt.
  2. User logs in to Kalamar and activates the PIN in Kalamar.
  3. Kustvakt matches username & PIN from VR app & Kalamar, and sends a response with an access token to the VR app.

To achieve this, two additional web services are needed:

  1. a poll request for an OAuth2 token using PIN and username
  2. PIN activation requiring user authentication in the authorization header

This issue is related to https://github.com/KorAP/Kalamar/issues/101.
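An added Python model of the flow described above, not Kustvakt's own code: `PinStore`, `poll`, `activate`, the in-memory store and the PIN lifetime are assumptions, and the token is a constructed opaque value standing in for a real OAuth2 access token. It shows the two services side by side and the two checks a practitioner would want on such a flow: the PIN is matched against the username it was shown for, and it is short-lived and handed out once.

```python
import secrets
import time

PIN_TTL_SECONDS = 300  # assumption: a displayed PIN is only valid for a short window


class PinStore:
    """Pending PINs keyed by (username, pin); assumed in-memory for the model."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._pending = {}         # (username, pin) -> {"created": ts, "token": str|None}

    def _expired(self, entry):
        return self._now() - entry["created"] > PIN_TTL_SECONDS

    # Service 1: the VR app polls with username & PIN. No user authentication
    # is present on this request, so it never returns a token on its own.
    def poll(self, username, pin):
        key = (username, pin)
        entry = self._pending.get(key)
        if entry is None:
            # First poll registers the PIN the VR app is displaying.
            self._pending[key] = {"created": self._now(), "token": None}
            return {"status": "pending"}
        if self._expired(entry):
            del self._pending[key]
            return {"status": "expired"}
        if entry["token"] is None:
            return {"status": "pending"}
        # Token is released once; the same PIN cannot be replayed.
        del self._pending[key]
        return {"status": "ok", "access_token": entry["token"]}

    # Service 2: activation from Kalamar. `authenticated_user` is the identity
    # Kustvakt established from the Authorization header, so a PIN only
    # activates for the user it was registered with.
    def activate(self, authenticated_user, pin):
        entry = self._pending.get((authenticated_user, pin))
        if entry is None or self._expired(entry):
            return False           # unknown PIN, or PIN shown for another user
        if entry["token"] is None:
            entry["token"] = secrets.token_urlsafe(32)  # constructed stand-in token
        return True
```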

notesjor commented 1 year ago

In my opinion, a better solution would be to use signed JWT (public/private key). This is safe and easy to implement.